Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-1336

CWE-1336

Improper Neutralization of Special Elements Used in a Template Engine

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

175 vulnerabilities with CWE-1336

CVE-2025-14731 MEDIUM

CTCMS Content Management System <2.1.2 - XSS

CVE-2025-66438 HIGH

ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via Print Format HTML Field

CVE-2025-66437 HIGH

Frappe ERPNext <= 15.89.0 - Authenticated Server-Side Template Injection via Address Template

CVE-2025-66436 MEDIUM

Frappe ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via get_terms_and_conditions

CVE-2025-66435 MEDIUM

Frappe ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via Contract Template

CVE-2025-66434 HIGH

Frappe ERPNext < 15.89.0 - Authenticated Server-Side Template Injection via get_dunning_letter_text

CVE-2025-65602 CRITICAL

ChanCMS 3.3.4 - Unauthenticated Remote Code Execution via Template Injection in /vip/v1/file/save

CVE-2025-66299 HIGH

Grav < 1.8.0-beta.27 - Authenticated Server-Side Template Injection via Twig Directive Manipulation

CVE-2025-66298 HIGH

Grav <1.8.0-beta.27 - Info Disclosure

CVE-2025-66297 HIGH

Grav <1.8.0-beta.27 - RCE/Privilege Escalation

CVE-2025-66294 HIGH

Grav < 1.8.0-beta.27 - Server-Side Template Injection via Weak Twig Validation

CVE-2025-66361 MEDIUM

Logpoint SIEM < 7.7.0 - Sensitive Information Exposure in System Processes

CVE-2025-65106 HIGH

langchain-core 1.0.0-1.0.6 - Template Injection via Untrusted Template Strings

CVE-2025-62369 HIGH

Xibo 4.1.0-4.3.0 - Authenticated Remote Code Execution via CMS Developer Module Templating

CVE-2025-60355 CRITICAL

zhangyd-c OneBlog <2.3.9 - Server-Side Template Injection

CVE-2025-62416 MEDIUM

Bagisto < 2.3.8 - Authenticated Server-Side Template Injection in Product Description Renderer

CVE-2025-37729 CRITICAL

Elastic Cloud Enterprise - Info Disclosure

CVE-2025-54287 MEDIUM

Canonical LXD >=4.0 - Info Disclosure

CVE-2025-10380 HIGH

Advanced Views - Server-Side Template Injection

CVE-2025-59340 CRITICAL

jinjava < 2.8.1 - Remote Code Execution via ObjectMapper Deserialization

CVE-2025-52122 CRITICAL

Freeform 5.0.0-5.10.15 - Server-Side Template Injection via Form Submission Title

CVE-2025-35113 MEDIUM

Agiloft 19-28 - Authenticated Remote Code Execution via EUI Template Injection

CVE-2025-57811 HIGH

Craft CMS 4.0.0-RC1-4.16.5 and 5.0.0-RC1-5.8.6 - Remote Code Execution via Twig SSTI

CVE-2025-9094 MEDIUM

ThingsBoard 4.1 - Server-Side Template Injection in Add Gateway Handler

CVE-2025-53909 CRITICAL

mailcow: dockerized <2025-07 - SSTI

Previous Page 4 of 7 Next

Details

Vulnerabilities 175

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy